Re: [regext] Mirja Kühlewind's No Objection on draft-ietf-regext-allocation-token-09: (with COMMENT)
"Gould, James" <jgould@verisign.com> Mon, 06 August 2018 13:47 UTC
Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95755130ED2; Mon, 6 Aug 2018 06:47:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CXpAwWYQ2lrR; Mon, 6 Aug 2018 06:47:31 -0700 (PDT)
Received: from mail2.verisign.com (mail2.verisign.com [72.13.63.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2A08130EC8; Mon, 6 Aug 2018 06:47:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=4960; q=dns/txt; s=VRSN; t=1533563251; h=from:to:cc:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version:subject; bh=AnTgs/IUFUmOShtsc2Ld5U3kg7Op+05t14apC6AgghA=; b=MJuFEghSQdnvfkoAVlTbgrvrljAI5OFjn4fRYRmtcVL9k4y16mvy1hBt Wa6XszV00oLIPdscR4dGrUtQqs/9BzvVRfgzYHDoxftU2+sAb+AaDqvAX Ubhlud+PSCS/RMoofIX3mjg3VNeej9wqsimjyzbnP9uFm5K4TrS7CmDgD BdRsbR3BiymjhrBjBsbeXsGA0+UQYgChDSutE0V7D6tY4ArSPUJSjYm0E T4mIdiqZKetfrS7drRiz0/v2HObWLRwfXqWfM6xIXtw6fTNY07z1Knycn YGQvHeH26pV2SoAsmsI8AMUKhCtCzO62NPGAXdVFnPK/QbHJFw8ZbHVIL Q==;
X-IronPort-AV: E=Sophos;i="5.51,452,1526342400"; d="scan'208";a="5103859"
IronPort-PHdr: 9a23:hxk9tBW90JAuTFZPQM7mx0UpZ6rV8LGtZVwlr6E/grcLSJyIuqrYZReFuKdThVPEFb/W9+hDw7KP9fy4BypYud6oizMrSNR0TRgLiMEbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ/iOgVrO+/7BpDdj9it1+C15pbffxhEiCCybL9uLRi6txndutULioZ+N6g9zQfErGFVcOpM32NoIlyTnxf45siu+ZNo7jpdtfE8+cNeSKv2Z6s3Q6BWAzQgKGA1+dbktQLfQguV53sTSXsZnxxVCAXY9h76X5Pxsizntuph3SSRIMP7QawoVTmk8qxmUwHjhjsZODEl8WHXks1wg7xdoBK9vBx03orYbJiIOPZiYq/ReNUXTndDUMlMTSxMGoOyYZUSAeodM+hWrIf9qFkAohu/GQaiC+zgxyRUhnDt2K02z/gtHBvE0QEmAtkAsG7UrNLwNKoKX+y7za7IzSjHb/xLwTv29YzGfQokof6SRrJ8f9faxE4tFwPKiVWQtIjlMC6O2+QTrWeb9etgVfmui24orQF9uCSgxsApioTQgI8e117K9SJ8wIkvJN24TlZ2YcC6H5tKtiGaLIp2QswkQ2FpviY11qcKtoK8fCgP0JgnxgDQa+CJc4SS5RLjTumRLDFlj3xmYLKynwu+/VS6xuHhVMS53kxGojdFn9TCrHwA2Bje5tCaRvdh5EutxDSC2xzJ5u1ZLk05lrDXJ4Miz7IomJocr0fOEjPzlUjzlqCbdUEp9fOt5unpfLnpu56ROopvhQz6M6kjmMmyDOo2PwUMQmeW//m32qf58k3jWrpKi+U7kqzesJ/HO8sWvrW5AwpJ0oY77Ba/Eium3MwYnXYZKFJFfwqKgpX1NV/WPfz3De+xjVutnzt32fzKJKPhDYnKLnjZiLftZ6xy5FNGxAot19Bf/JRUBqsdL/L0X0/9rN3YDhknPAyo2+vrFclx2pkDVW+NDKKVKr7evF+G6+41LOSBYJcZuDPnJPgk4/7ug2U5mVgYfaSx35sXZ3e4HuliI0qEenfsnMkOEX0LvgolTezqh1uCXSRPaHa1WqIw/is7B56+DYffWoCth6SM3CalEZ1KaGBLEVOMEWr2eIWEX/cDdiyTIs5nkjMZT7ShTZEu1Q22vg/g17VnNvbU+jEftZ/71dh6+fbTlR4p+Dx1Ecudz2+NQ3tznmMSSD88xLp/rlBlylefzah4hORVGsFJ5/xTXAc6KYfQz+1kBNDuVALNZ82JR0ipQtq4DjAxUss9zMUKY0Z5HNWtkgrM3zarA78SkbyHHYA08qXf33fvIcZw0HfG27c9j1koWMdPMnemhqFn/QjJG4HJi1mZl7qtdakExC7C7nuDzXCPvE5EUw58VqTFUm4DZkvYttn2+13NQKG2Cbs7NQtB09CNJrFNat3zglVMXO3jN8jGY2Kth2ewAg6FxqmSY4rlZWoc0zndBFEYnAAT53mGNBI+Bjy6rmLfEjNuCVzvb1nr8elkp3OxVlU0wB2Sb019y7q1/QYYheSZS/4Iw70EvzshpC9yHFmgw93WDMCMqBZmfKVZedk9+ktI1XrFtwxhOZytN7piiUARcwtpsELuyw56CoRensg2onMm1g1yKbiX0AAJSzTN+JHqOLSfCf3y+B2waqjakgXf3cqY0qQS5fQ8pkriug3vEEc+pTEv79lYm1qx3bqCWAsfSp3ZU0sr+V59vb6MMQcn4IaBn1JrLK249nfg0tckH6FtnhSveMpbPIuaGRXzCMwVAY6lL+l8yAvhVQ4NIO0HrP18BMihbfbTnffzZOs=
X-IPAS-Result: A2GWAAAaUGhb/zGZrQpYAxsBAQEBAwEBAQkBAQGEMYEnCoN1iAmOLoNhkisUgSsXJAsTEAuEPgIXgzE0GAECAQEBAQEBAgEBAoEFDII1JAEOLxwvCAEFAQEBAQEBJwEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQgCCAc1EgEaBiMRNw4QAgEIGgIfBwICAjAVBQsCBAEJBAWDIAGCDqtNgS6KUIELiBWBQj6BEicME4JMgxsCAQIBgSoBEgEJFhcKJoI6MYIkAod8kjcDBgKGGIp4RoNbiDKCA4YcgkyHTAIEAgQFAhSBQYEaWBEIcBU7KgGCPgmCHBcRgzSFFIU+bwEMJI0qgR+BGwEB
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1466.3; Mon, 6 Aug 2018 09:47:29 -0400
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%5]) with mapi id 15.01.1466.003; Mon, 6 Aug 2018 09:47:29 -0400
From: "Gould, James" <jgould@verisign.com>
To: Mirja Kühlewind <ietf@kuehlewind.net>, The IESG <iesg@ietf.org>
CC: "draft-ietf-regext-allocation-token@ietf.org" <draft-ietf-regext-allocation-token@ietf.org>, Patrick Mevzek <patrick+ietf@deepcore.org>, "regext-chairs@ietf.org" <regext-chairs@ietf.org>, "pm@dotandco.com" <pm@dotandco.com>, "regext@ietf.org" <regext@ietf.org>
Thread-Topic: [EXTERNAL] Mirja Kühlewind's No Objection on draft-ietf-regext-allocation-token-09: (with COMMENT)
Thread-Index: AQHULXwIuQgoQ/KalEyd9mS1WgpEHKSyvRCA
Date: Mon, 06 Aug 2018 13:47:29 +0000
Message-ID: <32AED330-D0FD-445C-9999-8AF31FF0E807@verisign.com>
References: <153355638132.26613.6843756928813998023.idtracker@ietfa.amsl.com>
In-Reply-To: <153355638132.26613.6843756928813998023.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.e.1.180613
x-originating-ip: [10.170.148.18]
Content-Type: text/plain; charset="utf-8"
Content-ID: <A4B49C32C02CA04DB77FEF01EEDB1FE3@verisign.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/kn8s6ok8Rpe1Pu0X715oXBs0JMQ>
Subject: Re: [regext] Mirja Kühlewind's No Objection on draft-ietf-regext-allocation-token-09: (with COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Aug 2018 13:47:34 -0000
Mirja, Thank you for your review and feedback. My responses are embedded below. — JG James Gould Distinguished Engineer jgould@Verisign.com 703-948-3271 12061 Bluemont Way Reston, VA 20190 Verisign.com <http://verisigninc.com/> On 8/6/18, 7:53 AM, "Mirja Kühlewind" <ietf@kuehlewind.net> wrote: Mirja Kühlewind has entered the following ballot position for draft-ietf-regext-allocation-token-09: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-regext-allocation-token/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Two quick questions (and I'm really no expert here, so these questions might be stupid): 1) Why should the check return 'unavailable' if the object does not require an Allocation Token but the check is send with an Allocation Token (sec 3.1.1)? Is that obvious to everybody else but me or should that maybe be further explained in the doc? And inline with that, why is it not a MUST to return 'unavailable' if a Token is required but the sent token doesn't match? JG - The draft really doesn't discuss the case where the object does not require an Allocation Token and the check command includes the Allocation Token, but it does cover the two cases where the object does require an Allocation Token and the passed Allocation Token matches (MUST return available) and doesn't match (SHOULD return unavailable). The check command, per RFC 5731, supports many domain names in a single command, and it provides "a hint that allows a client to anticipate the success or failure of provisioning an object using the <create> command" . The Allocation Token in draft-ietf-regext-allocation-token is a single value that is applied to all domain names, where we don't want the protocol to be overly strict in defining the availability value. The most strict policy would be to return all domain names that don't require an Allocation Token or where the Allocation Token doesn't match as unavailable. Since the Allocation Token may apply to only one of the domain names in the list, the protocol only requires (MUST) the server to return an Allocation Token match as available. The Allocation Token mismatch is treated as a SHOULD and a non-applicable Allocation Token is undefined to enable server-policy to determine the behavior. Does this make sense? 2) Why is this mechanism not applied to delete, renew, and update? JG - Allocation is when the server assigns the sponsoring client of an object based on the use of an Allocation Token credential, which is not applicable to a delete, a renew, and an update. The common case for allocation is with the use of the create command and the less common case for allocation is with the use of the transfer command (e.g., transfer from server to sponsoring client). The draft did initially include support for an extended update that defines a new verb like "allocate", but the WG agreed to remove the extension of the update.
- [regext] Mirja Kühlewind's No Objection on draft-… Mirja Kühlewind
- Re: [regext] Mirja Kühlewind's No Objection on dr… Gould, James
- Re: [regext] Mirja Kühlewind's No Objection on dr… Mirja Kuehlewind (IETF)
- Re: [regext] Mirja Kühlewind's No Objection on dr… Gould, James
- Re: [regext] Mirja Kühlewind's No Objection on dr… Mirja Kuehlewind (IETF)